Republicans in both the U.S. House and Senate voted this month to reverse a series of federal rules — and the about-face has some privacy advocates up in arms.
Along party lines, the House voted 231-189 and the Senate voted 50-48 in favor of rolling back a rule passed by the Federal Communications Commission during the last months of former President Barack Obama's administration. The rule was aimed at "protecting the privacy of customers of broadband and other telecommunications services," according to the text of the bill passed by both chambers.
The FCC in late October 2016 adopted new rules that made Internet Service Providers subject to Section 222 of the Communications Act, stating that "every telecommunications carrier has a duty to protect the confidentiality of proprietary information of ... customers, including telecommunication carriers reselling telecommunications services provided by a telecommunications carrier."
"For purposes of the rules we adopt today to implement Section 222, we adopt a definition of 'telecommunications carrier' that includes all telecommunications carriers providing telecommunications services subject to Title II, including broadband Internet access service (BIAS)," the FCC report on the new rules, released Nov. 2, reads.
The report adds:
When we reclassified BIAS as a telecommunications service, we recognized that our existing customer proprietary network information (CPNI) rules were not necessarily well suited to the broadband context, and we therefore forbore from applying the existing Section 222 rules to BIAS. As part of this rule making we have explored what privacy and data security rules we should adopt for BIAS and whether we can harmonize our rules for voice and BIAS.
Throughout this order we find that it is in the interests of consumers and providers to harmonize our voice and broadband privacy rules. We therefore adopt a single definition of telecommunications carrier for purposes of these rules, and except as otherwise provided, adopt harmonized rules governing the privacy.
This month, Congress used the Congressional Review Act to reverse these Obama-era FCC rules.
According to the CRA, Congress has the authority to disapprove of rules passed by various federal agencies, such as the FCC. If the president signs the resolution of disapproval, the rules cannot take effect.
A White House official told Reuters Wednesday that President Donald Trump plans to sign the bill passed by Congress.
The Obama-era rule would have placed certain stipulations on ISPs that try to sell customer data to third parties.
For example, under the rules now reversed by Republicans, ISPs would have been required to ask customers to opt-in to sharing their personal information for the companies to sell to third parties.
The Obama-era rule also would have prevented companies from denying one service if they chose not to opt-in.
Prior to the FCC approving net neutrality rules in 2015, the Federal Trade Commission was responsible for enforcing internet privacy for consumers. According to the technology news website Ars Technica, ISPs "could have been punished" for violating customers' privacy before the Democratic rules were approved.
When the FCC approved net neutrality, the measure stripped the FTC of its oversight of ISPs, relegating those duties to the FCC instead. One effect of that action made it possible for ISPs to sell customer data to third parties based on a more complicated opt-out process.
TheBlaze spoke Thursday with Neema Singh Guliani, legislative counsel at the ACLU, about the decision to reverse these rules and what it means for the average consumer trying to keep their personal information just that — personal.
"Your browsing history is probably one of the most intimate intrusions into your life," Guliani said, adding that such data can reveal a lot about one's health, political views, financial situation, likes, and dislikes.
ISPs can sell this valuable data to third party individuals or companies looking to target certain advertisements.
"Internet service providers, they have a very unique access to information," Guliani said. "The amount of information they get about an individual is substantial and in a lot of cases, people can't just walk away. They can't say, 'Well, I don't like Comcast. I'm never going to use them again.' In many cases, Comcast or AT&T or whatever might be their only provider or at most they might have a handful of providers."
While consumers currently have the option of opting out of their information being sold to third parties by ISPs, Guliani pointed out that's sometimes easier said than done.
"For some of these companies," Guliani said, "to even figure out how you opt out can be a long and frustrating process."
Guliani suggested requiring ISPs to take a more proactive step: Instead of having consumers opt out, let them opt in.
"The idea that 'opt out' constitutes really meaningful consent is really questionable. I think a lot of people, at a practical level, don't really think that constitutes consent in any meaningful sense," Guliani said.
While there's no question that many government regulations can cause undue burdens on businesses, Guliani said that's not the case here.
"It's actually not that onerous to get somebody's permission," she told TheBlaze. "You can have somebody indicate that when they sign up."
Guliani said it's not clear how much one's data can be sold for. Regardless of the price tag, though, she suggested the idea is less about the money involved, and more about the authority it allows ISPs to wield, sometimes even without consumers' knowledge.
"Data is important and data is power," Guliani said. "And so I think it's really important that the data lay with the person who owns that data, not necessarily with this third party company that sees a third-party interest in selling that data."
The ACLU isn't the only organization alarmed by this move.
The San Francisco-based Electronic Frontier Foundation issued a statement condemning the bill, as passed in both the House and Senate.
Should President Donald Trump sign S.J. Res. 34 into law, big Internet providers will be given new powers to harvest your personal information in extraordinarily creepy ways. They will watch your every action online and create highly personalized and sensitive profiles for the highest bidder. All without your consent.
The EFF pointed out that by ISPs having access to such large amounts of personal data, it could make them more susceptible to hackers.
"This will harm our cybersecurity as these companies become giant repositories of personal data," the EFF statement reads.
Forbes contributor and New York Times bestselling author Larry Downes disagreed with the ACLU and EFF.
In a recent column, Downes said the GOP's decision to reverse the Obama-era rules would have little to no impact on consumers' privacy.
"The net impact on your privacy of this action, assuming President Trump approves the resolution, will be absolutely zero," Downes wrote.
"Congress’s disapproval does not authorize ISPs or anyone else to 'sell' customer data or investigate your web browsing history. It does not represent the 'death of online privacy.' ISPs will be given no 'new powers' to 'harvest your personal information in extraordinarily creepy ways,'" Downes insisted.
Downes pointed out that ever since revelations of the NSA's controversial spy program, "most websites and smartphone apps" started using encrypted technology to protect against these cyber intrusions.
"The effect of that shift has been to cut off everyone except the user and the site or app itself from seeing any information regarding specific interactions taking place, including searches, video viewing history, and shopping," Downes said. "Ironically, that effort was led by by the same advocacy groups who continue to insist on the need for an opt-in approach applied only to ISPs, who they argue see more not less internet traffic."